Navigation

mongocli atlas dbuser certs create

On this page

The dbuser certs create command creates an Atlas-managed X.509 certificate for the specified MongoDB database user who authenticates using X.509 certificates. You can also create an Atlas-managed X.509 certificate for a MongoDB database user through the Atlas UI or API.

Important

You cannot use the dbuser certs create command to list certificates for MongoDB database users if

  • You are managing your own Certificate Authority (CA) in Self-Managed X.509 mode. You must generate certificates for database users using your own CA.
  • The user you specify does not authenticate using X.509 certificates.

Syntax

mongocli atlas dbuser certs create
     [ --monthsUntilExpiration <number of months until certificate expires> ]
     [ --output|-o <output-format> ]
     [ --profile|-P <profile-name> ]
     [ --projectId <project-ID> ]
     --username <name-of-user>

Note

Use -h or --help to view the command-line help for this command.

Options

Option Type Description Required?
--monthsUntilExpiration integer Months until the X.509 certificate expires. Maximum value is 24. Defaults to 3. no
--output, -o string

Command output format. Valid values are:

  • json for output in JSON format
  • go-template for custom output using the Go template
  • go-template-file for custom output specified using Go template file

If omitted, the command returns output in the default format.

no
--profile, -P string Name of the profile where the public and private keys for the project are saved. If omitted, uses the default profile. To learn more about creating a profile, see Configure the MongoDB CLI. no
--projectId string Unique identifier of the project that contains the MongoDB database user. If omitted, uses the project ID in the profile or environment variable. no
--username string Username for whom you want to create a X.509 certificate. yes

Output

The command prints the following fields in the specified format to the terminal if the command succeeds. If the command prints an error, see Troubleshooting for recommended solutions.

Field Description
certificate The PEM-encoded X.509 certificate that Atlas created for the user.
monthsUntilExpiration Months until the X.509 certificate expires. Maximum value is 24. Defaults to 3.
username Username for whom Atlas generated the x.509 certificate.

Example

The following example uses the mongocli atlas dbuser certs create command to create an Atlas-managed X.509 certificate for a MongoDB database user dbuser. It uses the default profile to access Atlas and generate the X.509 certificate.

mongocli atlas dbuser certs create --username dbuser --output json
--monthsUntilExpiration 3 --projectId 5e2211c17a3e5a48f5497de3

The previous command prints the following fields to the terminal. To learn more about these fields, see Output.

{
  "username": "dbuser",
  "monthsUntilExpiration": 3,
  "certificate": "-----BEGIN CERTIFICATE-----\n...\n-----END CERTIFICATE-----\n-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n"
}